From owner-freebsd-net@FreeBSD.ORG Wed Feb 9 20:48:20 2005
Message-ID: <420A7712.45001B85@networx.ch>
Date: Wed, 09 Feb 2005 21:48:18 +0100
From: Andre Oppermann
To: "David G. Andersen"
cc: freebsd-net@freebsd.org
Subject: Re: Kern/73129 and 5.3-STABLE
List-Id: Networking and TCP/IP with FreeBSD

"David G. Andersen" wrote:
>
> On Wed, Feb 09, 2005 at 01:58:28PM -0500, David G. Andersen scribed:
> > On Wed, Feb 09, 2005 at 06:33:11PM +0100, Andre Oppermann scribed:
> > > >
> > > > (Barring that, has anyone patched it in their own system, and if so,
> > > > would you mind sending me the patch? I dislike running custom kernel
> > > > code on these machines, but I'm happy to do so to get things working. :)
> > >
> > > Sorry, it'll be fixed in 5.4-RELEASE. I have made up my mind how to
> > > fix it the most correct way.
> >
> > Should have CC:'d; sorry.
> >
> > Thanks much for the quick response, Andre. If there's a patch available,
> > or any workaround you can think of, I'd love to know. Also, if you
> > need a beta tester or a test machine, or if there's anything else I
> > can do, please don't hesitate to ask. I'm happy to hack on it if
> > needs be.
>
> To answer my own question - I removed the if local checks, and have
> a functioning kernel again, back to whatever bug Andre's patch was
> correcting. :)

The problem is with locally generated packets which go the wrong way.
This gets nasty when the box has to generate some path MTU discovery
ICMP message and such.

What I implemented is the correct thing to do and prevents foot-shooting.
On the other hand it prevents people from forwarding local ports and such.
Both sides of the coin have merit and there is no easy deciding between
them or obvious right or wrong choice.

--
Andre